Re: conntrack enhancement

(Re-send this again including CC) Hi Florian, I suspect this is for -j CONNMARK --restore-mark / --save-mark ? >> Yes, current thought is to shift bits when mark is restored. Something like skb->mark = ct->mark >> $lshift; ? >> Yes, we shift ct marks. I don't really understand how this is

[PATCH] build: do install libipset/args.h

libipset/types.h includes args.h, therefore args.h must be installed too. Signed-off-by: Jan Engelhardt --- include/libipset/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/include/libipset/Makefile.am b/include/libipset/Makefile.am index 3b47518..79a1357 100644

Re: [bisected] Forwarded packets occasionally has loopback output interface in Netfilter

On tor, 2018-01-11 at 10:18 -0800, Wei Wang wrote: > On Thu, Jan 11, 2018 at 9:25 AM, Anders K. Pedersen | Cohaesio > wrote: > > On tir, 2017-12-26 at 12:05 +0100, Anders K. Pedersen | Cohaesio > > wrote: > > > Hello, > > > > > > On one of our border routers, Netfilter is

question about UNDEFINE/REDEFINE

Hello, we have a firewall written in bash (using iptables) that is organized by customer VLANs. Each VLAN has its own set of bash variables holding things like uplink iface names, gateway IPs, etc. We want to rewrite the firewall to nftables but are stuck on the fact that nft variables cannot

[PATCH nft,RFC] src: add 'auto-merge' option to sets

After discussions with Karel here: https://bugzilla.netfilter.org/show_bug.cgi?id=1184 And later on with Phil Sutter, we decided to disable the automatic merge feature in sets with intervals. This feature is problematic because it introduces an inconsistency between what we add and what we later

Darlehen

Benötigen Sie Privat- oder Geschäftskredite ohne Stress und schnelle Zustimmung? Wenn ja, kontaktieren Sie uns bitte alexgr...@gmail.com -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at